August 30th, 2006, 08:54 AM
SSL dump not dumping password
Hi I'm not sure if this is the right place for this, so forgive me if it si wrong and place it in the correct place.
Ok so I have my own network at home humming nicely along for me to conduct my experiments on whilst watching all those nice videos from Irongeeek.com.
My issue is the MITM attack with ettercap and ssldump.
basically i can capture the data from my gmail login but when i look for the password
cat out.txt | grep pass
it finds nothing.....so i opened it with kwrte and did a few more searches in the file and typed in my email addy and that was in there, but nothing that even came close ot my password
am I a)doing something wrong????
b)are they encrypting it further and i might need a script or something?
it was the same story for my bank login as well
bu i couldn't even find my memeber number in this file
I appreciate any info on this
August 30th, 2006, 11:21 AM
They might use some hashing on the password..
I don't know about this..
Could you paste part of the file (perhaps with faked hashes for your own safety.. or setup a test gmail account with a password you don't mind publishing)..
That might help us look at it.. I'm kinda interrested to check it out.. Just don't feel like testing it myself atm.. as I have loads of stuff to do..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !
August 30th, 2006, 02:00 PM
Jinx, Sir, Mr etc
I set up an account at gmail specifically for this purpose so feel free to do what must be done...
Again i really apreciate the help
but right now i'm going to search up hashing and ssl
Cheers for the lead
August 31st, 2006, 11:17 AM
SSL Dump Gmail hashing now?
sorry to bum this but I really wanted to know why I couldn't find the user name and password after performing a MITM with the email and password for Gmail
any help is appreciated
September 3rd, 2006, 10:31 AM
SSL ettercap clear passwords on some sites
O.k it's been a few days and I have been doing heaps of reading heapssssssssss
My question is
Gmail now works and ettercap does a fine job of finding the username and password
this is because of the modifications to my
I understand that it must be done now.
What i don't understand is why when i log into my bank or into my server which are using port 443(bank) and port 445 for my ipcops server Ettercap isn't picking it up????
when i view the profiles the traffic registers and obviously i am set for a MITM attack so this is good
but i can't work out for the life of me why ettercap won't pick up this session between me and my server and me and my bank even though the traffic is clearly registered
please please please help this miserable newbie out